Vulnerabilities > CVE-2004-1893

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

NVD

Published: 2004-12-31

Updated: 2024-11-20

Summary

Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp.

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Dreamweaver Ultradev 4.0 Macromedia Dreamweaver 6.0 Macromedia Dreamweaver 6.1 Macromedia Dreamweaver 2004	4

References

http://marc.info/?l=bugtraq&m=108102481929451&w=2
http://marc.info/?l=bugtraq&m=108102481929451&w=2
http://secunia.com/advisories/11284
http://secunia.com/advisories/11284
http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html
http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html
http://www.nextgenss.com/advisories/dreamweaver.txt
http://www.nextgenss.com/advisories/dreamweaver.txt
http://www.securityfocus.com/bid/10036
http://www.securityfocus.com/bid/10036
https://exchange.xforce.ibmcloud.com/vulnerabilities/15721
https://exchange.xforce.ibmcloud.com/vulnerabilities/15721

Vulnerabilities > CVE-2004-1893 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2004-1893"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2004-1893